Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4404 | 1 Universal Ircd | 1 Ircu | 2026-04-23 | N/A |
| ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command. | ||||
| CVE-2007-4410 | 1 Universal Ircd | 1 Ircu | 2026-04-23 | N/A |
| ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops. | ||||
| CVE-2007-4411 | 1 Universal Ircd | 1 Ircu | 2026-04-23 | N/A |
| ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies. | ||||
| CVE-2007-4412 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side." | ||||
| CVE-2007-4413 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter. | ||||
| CVE-2007-4415 | 1 Cisco | 1 Vpn Client | 2026-04-23 | N/A |
| Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. | ||||
| CVE-2007-4425 | 1 Live For Speed | 1 Live For Speed | 2026-04-23 | N/A |
| Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track. | ||||
| CVE-2007-4427 | 1 Intersystems | 1 Cache Database | 2026-04-23 | N/A |
| Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116. | ||||
| CVE-2007-4432 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2026-04-23 | N/A |
| Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | ||||
| CVE-2007-4442 | 1 Epic Games | 1 Unreal Engine | 2026-04-23 | N/A |
| Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII. | ||||
| CVE-2007-4443 | 1 Epic Games | 1 Unreal Engine | 2026-04-23 | N/A |
| The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors. | ||||
| CVE-2007-4447 | 1 Toribash | 1 Toribash | 2026-04-23 | N/A |
| Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character. | ||||
| CVE-2007-4453 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable | ||||
| CVE-2007-4455 | 1 Asterisk | 3 Asterisk, Asterisk Appliance Developer Kit, Asterisknow | 2026-04-23 | N/A |
| The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. | ||||
| CVE-2007-4478 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content. | ||||
| CVE-2007-4480 | 1 Wordpress | 1 Sirius | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2007-4481 | 1 Wordpress | 1 Blix | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2007-4482 | 1 Wordpress | 1 Pool | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2007-4485 | 1 Butterfly | 1 Butterfly | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter. | ||||
| CVE-2007-4487 | 1 Dscripting.com | 1 D22-shoutbox | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||